Ask the Expert

Child domain controller lacks administrative rights

We have two domains with a parent-child relationship. All client desktops are connected to the parent domain. I have an application that will be installed from the child domain to the desktop clients. The problem I am facing now is the child domain controller does not have administrator rights to the client computers. I checked from the child domain controller by giving computer1c$ when it was asking for username and password, whereas when doing the same thing from the parent I can list the contents. Our environment is with Windows 2000 Server and Win2000 Professional as clients. The client application has to be installed on a domain controller, and we want to separate it from the main domain controller.

    Requires Free Membership to View

The child domain accounts do not inherently have permissions in the parent domain. However, if the application that you are using needs to have administrative rights you can put the applications service account name in the local administrators group on the workstations. If you have multiple accounts that need to be local administrators from multiple domains you can also utilize the UNIVERSAL groups. UNIVERSAL groups can contain members from both domains and have a scope of the entire forest. You can then put the UNIV group into the local administrators group on every workstation. In the future, if you need to give techies or other service accounts access you can just add them into the UNIV group.

Paul Hinsberg

Additional Expert Help:
Be sure to check our Answer FAQ for more expert advice.
For faster answers, visit ITKnowledge Exchange.

This was first published in November 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: